Tuesday, August 4, 2009

BlackHat 2009 and Defcon 17: EV SSL MITM Demo

For the second year in a row I had BlackHat live demo issues. Shame on me.

Fortunately, the demo worked at Defcon. Had it not worked, however, I was prepared with a video thanks to Camtasia.

You can view the video here.

The demonstration shows a MITM using a regular SSL certificate (Domain Validated) to intercept data sent to a site protected with an Extended Validation (EV) SSL certificate. Since the browser treats the high-assurance EV certificate the same as a low-assurance DV certificate, the user is never warned about any connection downgrade. All they might notice is the "flicker" of the green EV badge.